Critical Vulnerability in WordPress Bricks Plug-in (CVE-2024-25600)

Published: Feb 22, 2024 14:21

Advisory No: TZCERT/SA/2024/02/22

Source: WordPress plugin Bricks Builder

Software Affected: Bricks Builder versions 1.9.6 and earlier

Overview

WordPress has released security updates to address a critical vulnerability (CVE-2024-25600) impacting their Bricks Builder Plug-in. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution and gain control of the server.

Description

CVE-2024-25600 (CVSS score 9.8) results from an eval function call in the ‘prepare_query_vars_from_settings’ function, which an unauthenticated user could exploit to execute arbitrary PHP code.

Impact

Successful exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

Solution

Users and administrators of affected product versions are advised to update to the latest version immediately.
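To help administrators confirm whether an installation still falls in the affected range, the following check is an added example written for this advisory (not code from TZ-CERT or from Bricks); it assumes the standard WordPress file-header convention of a `Version:` line and compares it against the 1.9.6 cutoff stated above, handling two-digit components (1.9.10 is newer than 1.9.6) that a plain string comparison would get wrong.

```python
import re
from pathlib import Path

# Last affected release according to the advisory above.
LAST_AFFECTED = "1.9.6"


def parse_version(v: str) -> tuple:
    """Split a dotted version into integers so 1.9.10 sorts after 1.9.6."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def header_version(header_text: str):
    """Pull 'Version: x.y.z' out of a WordPress plugin/theme file header.

    Returns None when no Version line is present.
    """
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True when the version is 1.9.6 or earlier (CVE-2024-25600 range)."""
    return parse_version(version) <= parse_version(LAST_AFFECTED)


def check_header(header_text: str) -> str:
    """Classify a file header as AFFECTED, not affected, or unknown."""
    v = header_version(header_text)
    if v is None:
        return "unknown: no Version header found"
    status = "AFFECTED" if is_affected(v) else "not affected"
    return f"{status}: version {v}"


def check_file(path: Path) -> str:
    """Read the main plugin/theme file at `path` (caller supplies it) and classify it."""
    return check_header(path.read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    # Constructed sample header for demonstration; not a real Bricks file.
    sample = "/*\nTheme Name: Bricks\nVersion: 1.9.6\n*/\n"
    print(check_header(sample))
```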
